From: Roll Call
Deficient computer security at the Federal Election Commission has already led to high-level breaches and puts the agency “at high risk” of continued hacking, according to a federal Inspector General report released this month.
FEC information systems, which in the previous election tracked more than $6 billion in political spending, “have serious internal control vulnerabilities and have been penetrated at the highest levels of the agency,” according to the FEC Inspector General’s final audit for fiscal 2013.
The report, which reiterates security concerns flagged by federal auditors for several years running, identifies two specific, high-level hacking incidents. In May of last year, an adversary identified as an “Advanced Persistent Threat” compromised a commissioner’s personal user account, as well as several FEC systems, for eight months running.
During that period, the unidentified hacker had potential access to such sensitive information as details of FEC investigations; General Counsel’s reports; briefs; subpoenas, and personal identifying information.
The second intrusion took place in August of this year and involved the FEC’s public disclosure website, forcing the agency to shut down portions of the system while it investigated. While the FEC was working on remediating the August breach, “another intrusion was detected on the agency’s website in early fiscal year 2014,” according to the report.
Conducted by Leon Snead & Co. and released by the FEC on Dec. 17, the report gives no further details of the second intrusion. But a recent investigation by the Center for Public Integrity disclosed that Chinese hackers crashed FEC computer systems just after the government shutdown on Oct. 1, a breach CPI identified as possibly “the worst act of sabotage” in the agency’s 38-year history.
The CPI report flags an earlier IG audit that had warned the agency was at “high risk” for infiltration, but notes that the FEC responded then that its “systems are secure.” The Chinese hacking incident was “confirmed by three government officials” involved in an ongoing investigation that includes the Department of Homeland Security, according to CPI. During the shutdown, the report also found, commissioners had deemed not a single worker essential, leaving the system particularly vulnerable.